b'Final Audit Report, \xe2\x80\x9cControls over the Detection, Response, and Reporting of Network\nSecurity Incidents Needed Improvement at Four NASA Centers Reviewed\xe2\x80\x9d (Report\nNo. IG-07-014; Assignment No. A-06-008-00)\n\nOn June 19, 2007, we issued the final report on our review of NASA\xe2\x80\x99s controls over the\nprocess of incident detection, response, and reporting. We found that the controls in\nplace at the four Centers we visited did not provide reasonable assurance that network\nsecurity incidents were detected, resolved, and reported in a timely fashion. We made six\nrecommendations that, when implemented, would provide that assurance. NASA\nmanagement concurred and initiated appropriate corrective actions for four of the six\nrecommendations. For one of the unresolved recommendations, one Center\xe2\x80\x99s Chief\nInformation Officer (CIO) did not address the allocation of resources for training\npersonnel responsible for incident detection. For the other unresolved recommendation,\nthe NASA CIO did not provide an estimated completion date for the actions described,\nalthough we considered the described actions to be responsive. We requested additional\ncomments concerning those recommendations in response to the final report.\n\nThe memorandum contains NASA Information Technology/Internal Systems Data that is\nnot routinely released under the Freedom of Information Act (FOIA). To submit a FOIA\nrequest, see the online guide.\n\x0c'